commit 705392e011ecb72fd1cb0064bebfdff6fa94ae61 · pyrox.dev/nixpkgs

+81 -81

nixos/modules/services/networking/tinc.nix

···

       351
        
       

     

       352
        
         config = mkIf (cfg.networks != { }) (

     

       353
        
           let

     

       354
       -
           etcConfig = foldr (a: b: a // b) { }

     

       355
       -
             (flip mapAttrsToList cfg.networks (network: data:

     

       356
       -
               flip mapAttrs' data.hosts (host: text: nameValuePair

     

       357
       -
                 ("tinc/${network}/hosts/${host}")

     

       358
       -
                 ({ mode = "0644"; user = "tinc.${network}"; inherit text; })

     

       359
       -
               ) // {

     

       360
       -
                 "tinc/${network}/tinc.conf" = {

     

       361
       -
                   mode = "0444";

     

       362
       -
                   text = ''

     

       363
       -
                     ${toTincConf ({ Interface = "tinc.${network}"; } // data.settings)}

     

       364
       -
                     ${data.extraConfig}

     

       365
       -
                   '';

     

       366
       -
                 };

     

       367
       -
               }

     

       368
       -
             ));

     

       369
        
           in {

     

       370
       -
           environment.etc = etcConfig;

     

       371
        
       

     

       372
       -
           systemd.services = flip mapAttrs' cfg.networks (network: data: nameValuePair

     

       373
       -
             ("tinc.${network}")

     

       374
       -
             (let version = getVersion data.package; in {

     

       375
       -
               description = "Tinc Daemon - ${network}";

     

       376
       -
               wantedBy = [ "multi-user.target" ];

     

       377
       -
               path = [ data.package ];

     

       378
       -
               reloadTriggers = mkIf (versionAtLeast version "1.1pre") [ (builtins.toJSON etcConfig) ];

     

       379
       -
               restartTriggers = mkIf (versionOlder version "1.1pre") [ (builtins.toJSON etcConfig) ];

     

       380
       -
               serviceConfig = {

     

       381
       -
                 Type = "simple";

     

       382
       -
                 Restart = "always";

     

       383
       -
                 RestartSec = "3";

     

       384
       -
                 ExecReload = mkIf (versionAtLeast version "1.1pre") "${data.package}/bin/tinc -n ${network} reload";

     

       385
       -
                 ExecStart = "${data.package}/bin/tincd -D -U tinc.${network} -n ${network} ${optionalString (data.chroot) "-R"} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel}";

     

       386
       -
               };

     

       387
       -
               preStart = ''

     

       388
       -
                 mkdir -p /etc/tinc/${network}/hosts

     

       389
       -
                 chown tinc.${network} /etc/tinc/${network}/hosts

     

       390
       -
                 mkdir -p /etc/tinc/${network}/invitations

     

       391
       -
                 chown tinc.${network} /etc/tinc/${network}/invitations

     

       392
        
       

     

       393
       -
                 # Determine how we should generate our keys

     

       394
       -
                 if type tinc >/dev/null 2>&1; then

     

       395
       -
                   # Tinc 1.1+ uses the tinc helper application for key generation

     

       396
       -
                 ${if data.ed25519PrivateKeyFile != null then "  # ed25519 Keyfile managed by nix" else ''

     

       397
       -
                   # Prefer ED25519 keys (only in 1.1+)

     

       398
       -
                   [ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys

     

       399
       -
                 ''}

     

       400
       -
                 ${if data.rsaPrivateKeyFile != null then "  # RSA Keyfile managed by nix" else ''

     

       401
       -
                   [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096

     

       402
       -
                 ''}

     

       403
       -
                   # In case there isn't anything to do

     

       404
       -
                   true

     

       405
       -
                 else

     

       406
       -
                   # Tinc 1.0 uses the tincd application

     

       407
       -
                   [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tincd -n ${network} -K 4096

     

       408
       -
                 fi

     

       409
       -
               '';

     

       410
       -
             })

     

       411
       -
           );

     

       412
        
       

     

       413
       -
           environment.systemPackages = let

     

       414
       -
             cli-wrappers = pkgs.stdenv.mkDerivation {

     

       415
       -
               name = "tinc-cli-wrappers";

     

       416
       -
               nativeBuildInputs = [ pkgs.makeWrapper ];

     

       417
       -
               buildCommand = ''

     

       418
       -
                 mkdir -p $out/bin

     

       419
       -
                 ${concatStringsSep "\n" (mapAttrsToList (network: data:

     

       420
       -
                   optionalString (versionAtLeast data.package.version "1.1pre") ''

     

       421
       -
                     makeWrapper ${data.package}/bin/tinc "$out/bin/tinc.${network}" \

     

       422
       -
                       --add-flags "--pidfile=/run/tinc.${network}.pid" \

     

       423
       -
                       --add-flags "--config=/etc/tinc/${network}"

     

       424
       -
                   '') cfg.networks)}

     

       425
       -
               '';

     

       426
       -
             };

     

       427
       -
           in [ cli-wrappers ];

     

       428
        
       

     

       429
       -
           users.users = flip mapAttrs' cfg.networks (network: _:

     

       430
       -
             nameValuePair ("tinc.${network}") ({

     

       431
       -
               description = "Tinc daemon user for ${network}";

     

       432
       -
               isSystemUser = true;

     

       433
       -
               group = "tinc.${network}";

     

       434
       -
             })

     

       435
       -
           );

     

       436
       -
           users.groups = flip mapAttrs' cfg.networks (network: _:

     

       437
       -
             nameValuePair "tinc.${network}" {}

     

       438
       -
           );

     

       439
       -
         });

     

       440
        
       

     

       441
        
         meta.maintainers = with maintainers; [ minijackson mic92 ];

     

       442
        
       }

···

       351
        
       

     

       352
        
         config = mkIf (cfg.networks != { }) (

     

       353
        
           let

     

       354
       +
             etcConfig = foldr (a: b: a // b) { }

     

       355
       +
               (flip mapAttrsToList cfg.networks (network: data:

     

       356
       +
                 flip mapAttrs' data.hosts (host: text: nameValuePair

     

       357
       +
                   ("tinc/${network}/hosts/${host}")

     

       358
       +
                   ({ mode = "0644"; user = "tinc.${network}"; inherit text; })

     

       359
       +
                 ) // {

     

       360
       +
                   "tinc/${network}/tinc.conf" = {

     

       361
       +
                     mode = "0444";

     

       362
       +
                     text = ''

     

       363
       +
                       ${toTincConf ({ Interface = "tinc.${network}"; } // data.settings)}

     

       364
       +
                       ${data.extraConfig}

     

       365
       +
                     '';

     

       366
       +
                   };

     

       367
       +
                 }

     

       368
       +
               ));

     

       369
        
           in {

     

       370
       +
             environment.etc = etcConfig;

     

       371
        
       

     

       372
       +
             systemd.services = flip mapAttrs' cfg.networks (network: data: nameValuePair

     

       373
       +
               ("tinc.${network}")

     

       374
       +
               (let version = getVersion data.package; in {

     

       375
       +
                 description = "Tinc Daemon - ${network}";

     

       376
       +
                 wantedBy = [ "multi-user.target" ];

     

       377
       +
                 path = [ data.package ];

     

       378
       +
                 reloadTriggers = mkIf (versionAtLeast version "1.1pre") [ (builtins.toJSON etcConfig) ];

     

       379
       +
                 restartTriggers = mkIf (versionOlder version "1.1pre") [ (builtins.toJSON etcConfig) ];

     

       380
       +
                 serviceConfig = {

     

       381
       +
                   Type = "simple";

     

       382
       +
                   Restart = "always";

     

       383
       +
                   RestartSec = "3";

     

       384
       +
                   ExecReload = mkIf (versionAtLeast version "1.1pre") "${data.package}/bin/tinc -n ${network} reload";

     

       385
       +
                   ExecStart = "${data.package}/bin/tincd -D -U tinc.${network} -n ${network} ${optionalString (data.chroot) "-R"} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel}";

     

       386
       +
                 };

     

       387
       +
                 preStart = ''

     

       388
       +
                   mkdir -p /etc/tinc/${network}/hosts

     

       389
       +
                   chown tinc.${network} /etc/tinc/${network}/hosts

     

       390
       +
                   mkdir -p /etc/tinc/${network}/invitations

     

       391
       +
                   chown tinc.${network} /etc/tinc/${network}/invitations

     

       392
        
       

     

       393
       +
                   # Determine how we should generate our keys

     

       394
       +
                   if type tinc >/dev/null 2>&1; then

     

       395
       +
                     # Tinc 1.1+ uses the tinc helper application for key generation

     

       396
       +
                   ${if data.ed25519PrivateKeyFile != null then "  # ed25519 Keyfile managed by nix" else ''

     

       397
       +
                     # Prefer ED25519 keys (only in 1.1+)

     

       398
       +
                     [ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys

     

       399
       +
                   ''}

     

       400
       +
                   ${if data.rsaPrivateKeyFile != null then "  # RSA Keyfile managed by nix" else ''

     

       401
       +
                     [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096

     

       402
       +
                   ''}

     

       403
       +
                     # In case there isn't anything to do

     

       404
       +
                     true

     

       405
       +
                   else

     

       406
       +
                     # Tinc 1.0 uses the tincd application

     

       407
       +
                     [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tincd -n ${network} -K 4096

     

       408
       +
                   fi

     

       409
       +
                 '';

     

       410
       +
               })

     

       411
       +
             );

     

       412
        
       

     

       413
       +
             environment.systemPackages = let

     

       414
       +
               cli-wrappers = pkgs.stdenv.mkDerivation {

     

       415
       +
                 name = "tinc-cli-wrappers";

     

       416
       +
                 nativeBuildInputs = [ pkgs.makeWrapper ];

     

       417
       +
                 buildCommand = ''

     

       418
       +
                   mkdir -p $out/bin

     

       419
       +
                   ${concatStringsSep "\n" (mapAttrsToList (network: data:

     

       420
       +
                     optionalString (versionAtLeast data.package.version "1.1pre") ''

     

       421
       +
                       makeWrapper ${data.package}/bin/tinc "$out/bin/tinc.${network}" \

     

       422
       +
                         --add-flags "--pidfile=/run/tinc.${network}.pid" \

     

       423
       +
                         --add-flags "--config=/etc/tinc/${network}"

     

       424
       +
                     '') cfg.networks)}

     

       425
       +
                 '';

     

       426
       +
               };

     

       427
       +
             in [ cli-wrappers ];

     

       428
        
       

     

       429
       +
             users.users = flip mapAttrs' cfg.networks (network: _:

     

       430
       +
               nameValuePair ("tinc.${network}") ({

     

       431
       +
                 description = "Tinc daemon user for ${network}";

     

       432
       +
                 isSystemUser = true;

     

       433
       +
                 group = "tinc.${network}";

     

       434
       +
               })

     

       435
       +
             );

     

       436
       +
             users.groups = flip mapAttrs' cfg.networks (network: _:

     

       437
       +
               nameValuePair "tinc.${network}" {}

     

       438
       +
             );

     

       439
       +
           });

     

       440
        
       

     

       441
        
         meta.maintainers = with maintainers; [ minijackson mic92 ];

     

       442
        
       }